Information on the processing of personal data under Articles 13-14 of Regulation (EU) 2016/679

Data Subjects: Website visitors

By virtue of the principles of fairness, lawfulness, transparency, protection of confidentiality and of data subjects‚Äô rights with concern to the processing of personal data under Article 13 of Regulation (EU) 2016/679 (hereinafter, ‚ÄúGDPR‚ÄĚ), this page provides information on the methods used for processing the personal data of the users accessing the website of AZIENDA PER IL TURISMO DELLA VAL DI FASSA SOCIET√Ä COOPERATIVA (hereinafter also ‚ÄúData Controller‚ÄĚ or "APT VAL DI FASSA") accessible on the Internet at:

DATA PROTECTION OFFICER

The Data Protection Officer designated under Article 37 of Regulation (EU) 2016/679, is Mr. Giovanni Poletto who can be contacted at the following e-mail address: dpo@fassa.com

PURPOSES OF PROCESSING

Your personal data shall be processed:

A) Without your express consent, for the following Service purposes:

Enable website registration;

Manage and maintain the website;

Enable users to subscribe to the newsletter services provided by the Data Controller and to have access to any additional services you may request;

Comply with the pre-contractual, contractual, and fiscal obligations arising out of any agreement in place with you;

Comply with obligations of law and regulation, with EU legislation or with orders issued by an Authority;

Prevent or discover fraudulent practices or actions damaging the website;

Exercise the Data Controller's rights, such as its right of defence in legal proceedings.

LEGAL BASIS FOR PROCESSING

The personal data indicated in this page are processed for the sole purpose of providing the service requested.

B) Exclusively with your specific and prior consent, for the following Marketing Purposes:

sending you newsletters, commercial messages and/or advertisement material on the products or services offered by the Data Controller, to your e-mail address. Please note that if you are already a client, we may send you commercial messages concerning Data Controller‚Äôs services and products that are similar to those you have already used, unless you disagree.

The optional, express, and voluntary sending of messages to APT VAL DI FASSA‚Äôs addresses, and the filling out and forwarding of the forms featured on the website entail the acquisition of the sender‚Äôs contact details, required to send a reply, and all the personal data included in said communications.Specific privacy notices will be published in the website‚Äôs pages dedicated to providing specific services.

TYPES OF DATA PROCESSED AND PURPOSES OF PROCESSING

Navigation data

The computer systems and software procedures used for the running of this website acquire, over the course of their normal operation, certain data which transmission is implicit to the use of Internet communication protocols.This category of data include IP addresses or domain names of the computers used by the users connecting to the Website, the URI (Uniform Resource Identifiers) of the queries made, the time of queries, the method used to submit a query to a web server, the size of the file obtained in reply, the numeric code indicating the status of the reply from the server (successful, error, etc.) and other parameters regarding the operating system and computer environment of the user. These data are used for the exclusive purpose of checking that the Website is running properly.

Said data, required for the utilisation of web services, are also processed for the purpose of:

obtaining statistical information on the use of the services (web pages visited, number of visitors per time interval or day, geographical area of origin, etc.);

check that the services offered run properly.

Navigation data are stored for no longer than seven days and are deleted immediately after they are aggregated (except where the data is required for the judicial Authority to conduct investigations on criminal offences).

COOKIES AND OTHER TRACKING SYSTEMS

APT VAL DI FASSA uses computer technology to directly acquire the users‚Äô personal identification data. To know more on the type of cookies used, please read our ‚ÄúCookies policy‚ÄĚ, available at the following link.

SHARING YOUR DATA WITH THIRD PARTIES

In order to follow up on your requests, your data may be communicated to third parties (for instance, when checking on availability and/or booking accommodation).
The data shall be stored for the time strictly necessary to provide data subjects the services they requested, and in any case for no longer than 10 years. The data shall be deleted upon your request, without prejudice to the storage obligations provided by law. Your data shall not be disclosed. The optional, express, and voluntary sending of e-mails to the addresses indicated in the Website or in the forms featured therein entails the acquisition of the sender‚Äôs address, required to reply to requests, and of any other additional data entered in the communication. Specific summary privacy notices may be featured or visualised in the Website‚Äôs sections dedicated to special services, on request, and may be submitted to the approval of data subjects.

The processing of data functional to performing said obligations is required to properly manage the agreement in place and their provision is mandatory to attain the above purposes. The Data Controller further informs you that any failure to provide mandatory data, or incorrect data being entered in one of the mandatory categories may make it impossible for the data controller to guarantee processing consistency.

DATA RECIPIENTS

The recipients of the data collected as a result of accessing the above websites shall be the following parties, designated by the Data Controller, under Article 28 of the Regulation, as Processors.Maurizio Bonani for the websites www.mauriziobonani.com, in the capacity as provider of platform development and maintenance services and operating management of the technological platforms used.

The personal data collected are also processed by the members of staff of APT DELLA VAL DI FASSA, who acts based on specific instructions provided with respect to the purposes and methods of processing.

DISCLOSURE OF DATA AND PLACE OF PROCESSING

Your personal data shall not be disclosed in any manner whatsoever.The computer files onto which the data are processed as detailed above are located within the European Union. The personal data shall not be transferred outside the European Union.In case of necessity, however, the Data Controller shall have the right to move the location of its computer files in Countries outside the European Union. In this case, the Data Controller guarantees henceforth that the transfer of data to non-EU countries shall be in compliance with the applicable provisions of law, stipulating, where necessary, agreements aimed at guaranteeing an appropriate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

MINORS

This website and the Data Controller‚Äôs services are not intended to be used by persons under the age of 18, and the Data Controller does not intentionally collect personal information regarding minors. Should such information regarding minors be accidentally recorded, the Data Controller shall delete such information without delay on request by the users.

RIGHTS OF DATA SUBJECTS REGARDING PERSONAL DATA PROCESSING

they have the right to request access to their personal data, to have their personal data rectified or deleted, to restrict or object to the processing of the personal data, and to have their personal data transferred to a different data controller when the conditions apply;

the rectification or deletion of personal data or the restriction of the processing thereof in compliance with the data subjects' request shall be communicated by the Data Controller to each of the Processors to whom the personal data are transmitted - unless it is impossible or where it entails a disproportionate effort.

have the right to lodge a complaint with the Privacy Supervisory Authority, following the procedures and instructions published on the Supervisory Authority’s website at garanteprivacy.it.

The above rights are not subject to any formal restrictions and can exercised free of charge.

Privacy information updated as of 21/12/2018. The Information is updated as part of a policy of constant policy information review.

LEGAL BASIS

The legal basis for sending commercial communications and newsletters is your express consent, which the Data Controller asks you to provide on every page of the website where you can subscribe to said services, in compliance with Article 6, paragraph 1, letter a), of the general Regulation on personal data protection.

MANDATORY OR OPTIONAL PROVISION OF DATA

The provision of data is optional; however a refusal to provide data will prevent the Data Controller to comply with newsletter subscription requests.

VISUALIZING CONTENT FROM EXTERNAL PLATFORMS

Services enabling to visualise content hosted on platforms external to the pages of this website and enabling interaction with them. In case this kind of service is installed, it may be possible, even when users do not make any use thereof, for such platforms to collect traffic data relating to the pages on which the service is installed.

LINKS TO OTHER WEBSITES

The websites we redirect users to, including (but not only) secondary websites and providers of third-party services, might have different privacy policies to the one featured here. We take no responsibility whatsoever for the privacy policies adopted by linked websites, and we encourage you to learn more about said policies.

Privacy notice updated as of 21/01/2019. The Information is updated as part of a policy of constant policy information review.